210-255 Real Exam Dumps Questions and answers 41-50

Question No.41

Which process is being utilized when IPS events are removed to improve data integrity?

A.

data normalization

B.

data availability

C.

data protection

D.

data signature

Correct Answer: A

Question No.42

Which description of retrospective malware detection is true?

A.

You use Wireshark to identify the malware source.

B.

You use historical information from one or more sources to identify the affected host or file.

C.

You use information from a network analyzer to identify the malware source.

D.

You use Wireshark to identify the affected host or file.

Correct Answer: B

Question No.43

Which option filters a LibPCAP capture that used a host as a gateway?

A.

[tcp|udp] [src|dst] port <port>

B.

[src|dst] net <net> [{mask <mask>}|{len <len>}]

C.

ether [src|dst] host <ehost>

D.

gateway host <host>

Correct Answer: D

Question No.44

Which goal of data normalization is true?

A.

Reduce data redundancy.

B.

Increase data redundancy.

C.

Reduce data availability.

D.

Increase data availability.

Correct Answer: A

Question No.45

Which network device creates and sends the initial packet of a session?

A.

source

B.

origination

C.

destination

D.

network

Correct Answer: A

Question No.46

Which option is generated when a file is run through an algorithm and generates a string specific to the contents of that file?

A.

URL

B.

hash

C.

IP address

D.

destination port

Correct Answer: B

Question No.47

Which option allows a file to be extracted from a TCP stream within Wireshark?

A.

File > Export Objects

B.

Analyze > Extract

C.

Tools > Export > TCP

D.

View > Extract

Correct Answer: A

Question No.48

Which identifies both the source and destination location?

A.

IP address

B.

URL

C.

ports

D.

MAC address

Correct Answer: A

Question No.49

You have run a suspicious file in a sandbox analysis tool to see what the file does. The analysis report shows that outbound callouts were made post infection. Which two pieces of information from the analysis report are needed or required to investigate the callouts? (Choose two.)

A.

file size

B.

domain names

C.

dropped files

D.

signatures

E.

host IP addresses

Correct Answer: BC

Question No.50

Which element can be used by a threat actor to discover a possible opening into a target network and can also be used by an analyst to determine the protocol of the malicious traffic?

A.

TTLs

B.

ports

C.

SMTP replies

D.

IP addresses

Correct Answer: B
